Vulnerabilities > Cisco > SD WAN Firmware

DATE CVE VULNERABILITY TITLE RISK
2021-01-20 CVE-2021-1241 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device.
network
low complexity
cisco CWE-119
7.5
2021-01-20 CVE-2021-1233 Improper Input Validation vulnerability in Cisco products
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device.
local
low complexity
cisco CWE-20
4.4
2021-01-20 CVE-2021-1305 Incorrect Authorization vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access.
network
low complexity
cisco CWE-863
4.3
2021-01-20 CVE-2021-1301 Improper Input Validation vulnerability in Cisco products
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device.
network
low complexity
cisco CWE-20
critical
9.8
2021-01-20 CVE-2021-1300 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device.
network
low complexity
cisco CWE-119
critical
9.8
2021-01-20 CVE-2021-1299 Improper Input Validation vulnerability in Cisco products
Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device.
network
low complexity
cisco CWE-20
8.8
2021-01-20 CVE-2021-1298 Command Injection vulnerability in Cisco products
Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device.
network
low complexity
cisco CWE-77
8.8
2021-01-20 CVE-2021-1279 Improper Input Validation vulnerability in Cisco products
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device.
network
low complexity
cisco CWE-20
8.6
2021-01-20 CVE-2021-1278 Link Following vulnerability in Cisco products
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device.
network
low complexity
cisco CWE-59
7.5
2021-01-20 CVE-2021-1274 NULL Pointer Dereference vulnerability in Cisco products
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device.
network
low complexity
cisco CWE-476
8.6